malloc.conf heads up


Otto Moerbeek
Hi,

We are moving away from the /etc/malloc.conf symbolic link to a new sysctl:

        $ sysctl vm.malloc_conf      
        vm.malloc_conf=C

This will allow unveiled and chrooted processes to access the malloc
options without having to do anything special in the code or chroot
dir.

As I often get this question: for some extra protection, use C or CJ,
accept some performance impact.  For development, bug hunting and/or
extra security use S, with more performance impact.

Note that with default options, malloc already has quite some
protection features.

Upcoming snapshots will contain this.

        -Otto

Re: malloc.conf heads up

Otto Moerbeek
On Wed, Nov 07, 2018 at 07:23:35AM +0100, Otto Moerbeek wrote:

> Hi,
>
> We are moving away from the /etc/malloc.conf symbolic link to a new sysctl:
>
> $ sysctl vm.malloc_conf      
> vm.malloc_conf=C
>
> This will allow unveiled and chrooted processes to access the malloc
> options without having to do anything special in the code or chroot
> dir.
>
> As I often get this question: for some extra protection, use C or CJ,

I meant to type C or CF!

> accept some performance impact.  For development, bug hunting and/or
> extra security use S, with more performance impact.
>
> Note that with default options, malloc already has quite some
> protection features.
>
> Upcoming snapshots will contain this.
>
> -Otto
>
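
The move from the symlink to the sysctl described in this thread, as an added example that is not part of either message or of OpenBSD's own tooling: an sh helper that reads the option string from a legacy malloc.conf symlink and appends the matching vm.malloc_conf line to a sysctl.conf-style file. The function names, the use of a sysctl.conf-style file for persistence, and the character filter are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): carry a legacy malloc.conf symlink
# over to a vm.malloc_conf setting. Both paths are arguments so the script
# can be dry-run against a copy of /etc.

# Print the option string stored as the target of symlink $1.
# Returns 1 when $1 is not a symlink, i.e. there is nothing to migrate.
legacy_malloc_opts() {
    [ -L "$1" ] || return 1
    readlink "$1"
}

# Print the "name=value" line for option string $1.
# The filter (letters, '<' and '>' only) is this example's own sanity
# check to keep stray text out of the config file; it is not malloc's parser.
malloc_sysctl_line() {
    rest=$(printf '%s' "$1" | tr -d 'A-Za-z<>')
    [ -n "$1" ] && [ -z "$rest" ] || return 1
    printf 'vm.malloc_conf=%s\n' "$1"
}

# Append the setting to file $2 unless that file already sets
# vm.malloc_conf. The symlink is left in place for the admin to remove.
migrate_malloc_conf() {
    link=$1
    conf=$2
    opts=$(legacy_malloc_opts "$link") || {
        echo "no symlink at $link, nothing to migrate" >&2
        return 1
    }
    line=$(malloc_sysctl_line "$opts") || {
        echo "unexpected symlink target: $opts" >&2
        return 1
    }
    if [ -f "$conf" ] && grep -q '^vm\.malloc_conf=' "$conf"; then
        echo "$conf already sets vm.malloc_conf, leaving it alone" >&2
        return 0
    fi
    printf '%s\n' "$line" >> "$conf"
}

# Usage: sh migrate.sh /etc/malloc.conf /etc/sysctl.conf
if [ "$#" -eq 2 ]; then
    migrate_malloc_conf "$1" "$2"
fi
```
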